<?php
// ========================== 文件说明 ==========================//
// 本文件说明：后台首页
// --------------------------------------------------------------//
// 本程序作者：angel
// --------------------------------------------------------------//
// 本程序版本：SaBlog-X Ver 1.6
// --------------------------------------------------------------//
// 本程序主页：http://www.sablog.net
// ========================== 开发环境 ==========================//
// register_globals = Off
// --------------------------------------------------------------//
// magic_quotes_gpc = On
// --------------------------------------------------------------//
// safe_mode = On
// --------------------------------------------------------------//
// Windows server 2003 & Linux & FreeBSD
// --------------------------------------------------------------//
// Apache/1.3.33 & PHP/4.3.2 & MySQL/4.0.17
// --------------------------------------------------------------//
// Apache/1.3.34 & PHP/4.4.1 & MySQL/5.0.16
// --------------------------------------------------------------//
// Apache/2.0.55 & PHP/5.1.1 & MySQL/5.0.15
// --------------------------------------------------------------//
// Copyright (C) Security Angel Team All Rights Reserved.
// ==============================================================//



// 加载公用函数
require_once('include/common.inc.php');

// 加载后台常用函数
require_once(SABLOG_ROOT.'include/func/admin.func.php');

// 检查安装文件是否存在
if (file_exists('install')) {
	exit('Installation directory: install/ is still on your server. Please DELETE it or RENAME it now.');
}

if($_GET['action'] == 'updateping') {
	xmlrpc();
}

// 登陆验证
if($_POST['action'] == 'dologin') {
	if ($options['seccode']) {
		$clientcode = $_POST['clientcode'];
		if (!$clientcode || strtolower($clientcode) != strtolower($seccode)) {
			$seccode = random(4, 1);
			updatesession();
			redirect('验证码错误,请返回重新输入.', $login_url);
		}
	}

	$username = char_cv(trim($_POST['username']));
	if (isemail($username)) {
		$account_field = 'email';
	} else {
		$account_field = 'username';
	}
	$password = md5($_POST['password']);
	$userinfo = $DB->fetch_one_array("SELECT userid,password,logincount FROM {$db_prefix}users WHERE $account_field='$username' LIMIT 1");

	if ($userinfo['userid'] && $userinfo['password'] == $password) {
		//更新登陆次数、登陆时间和登陆IP
		$DB->unbuffered_query("UPDATE {$db_prefix}users SET logincount=logincount+1, logintime='$timestamp', loginip='$onlineip' WHERE userid='$userinfo[userid]'");
		$logincount = $userinfo['logincount']+1;
		$sax_uid = $userinfo['userid'];
		//保存COOKIE
		scookie('sax_auth', authcode("$sax_uid\t$password\t$logincount"), $login_life);
		//更新数据库中的登陆会话
		updatesession();
		loginresult($username, 'Succeed');
		redirect('登陆成功', $options['url']);
	} else {
		loginresult($username, 'Failed');
		dcookies();
		redirect('登陆失败', $login_url);
	}
}

//注销
if ($_GET['action'] == 'logout') {
	replacesession();
	dcookies();
	$sax_group = 4;
	$sax_uid = 0;
	$sax_user = $sax_pw = '';
	redirect('注销成功', $options['url']);
}

//注册表单
if ($action == 'register') {
	if ($options['closereg']) {
		redirect('禁止注册新用户', $referer);
	}
	if (!submitcheck('submit', 1)) {
		if ($sax_uid && $sax_pw && $sax_group && $sax_hash) {
			redirect('您已经处于登陆状态', $referer);
		}
		cpheader();
		include template('register');
		cpfooter();
	} else {
		//取值
		$username        = trim($_POST['username']);
		$password        = $_POST['password'];
		$confirmpassword = $_POST['confirmpassword'];
		$email           = trim($_POST['email']);
		$url             = trim($_POST['url']);
		$referer         = trim($_POST['referer']);

		//检测网址
		if (!isurl($url)) {
			redirect('网站URL错误');
		}

		//检测用户名
		if(!$username || strlen($username) > 20) {
			redirect('用户名为空或者超过20字节.', $reg_url);
		}

		if ($options['censoruser']) {
			$options['censoruser'] = str_replace('，', ',', $options['censoruser']);
			$banname = explode(',',$options['censoruser']);
			foreach($banname as $value){
				if (strpos($username,$value) !== false){
					redirect('此用户名包含不可接受字符或被管理员屏蔽,请选择其它用户名.', $reg_url);
				}
			}
		}

		$name_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#','$','(',')','%','@','+','?',';','^');
		foreach($name_key as $value){
			if (strpos($username,$value) !== false){
				redirect('此用户名包含不可接受字符或被管理员屏蔽,请选择其它用户名.', $reg_url);
			}
		}

		//检测密码
		if (!$password || strlen($password) < 8) {
			redirect('密码不能为空并且密码长度不能小于8位.',$reg_url);
		}
		if ($password != $confirmpassword) {
			redirect('请确认输入的密码一致.', $reg_url);
		}
		if (strpos($newpassword,"\n") !== false || strpos($password,"\r") !== false || strpos($password,"\t") !== false) {
			redirect('密码包含不可接受字符.', $reg_url);
		}

		$username = char_cv($username);
		$r = $DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE username='$username' LIMIT 1");
		if($r['userid']) {
			redirect('该用户名已被注册.');
		}
		$email = char_cv($email);
		$r = $DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE email='$email' LIMIT 1");
		if($r['userid']) {
			redirect('该E-mail已被注册.');
		}

		$password = md5($password);

		$DB->query("INSERT INTO {$db_prefix}users (username, password, logincount, loginip, logintime, email, url, regdateline, regip, groupid, lastip, lastvisit, lastactivity) VALUES ('$username', '$password', '1', '$onlineip', '$timestamp', '$email', '$url', '$timestamp', '$onlineip', '3', '$onlineip', '$timestamp', '$timestamp')");
		$sax_uid = $DB->insert_id();

		$DB->unbuffered_query("UPDATE {$db_prefix}statistics SET user_count=user_count+1");
		//保存COOKIE
		scookie('sax_auth', authcode("$sax_uid\t$password\t1"), $login_life);
		//更新数据库中的登陆会话
		updatesession();

		require_once(SABLOG_ROOT.'include/func/cache.func.php');
		statistics_recache();
		redirect('注册成功.', $options['url']);
	}
}

//登陆状态检测
if (!$sax_uid || !$sax_pw || !$sax_logincount || !$sax_hash) {
	loginpage();
}

$job = sax_addslashes($_GET['job'] ? $_GET['job'] : $_POST['job']);

// 加载缓存操作函数
require_once(SABLOG_ROOT.'include/func/cache.func.php');
require_once(SABLOG_ROOT.'include/func/permalink.func.php');

// 提交自动保存数据
if ($action == 'autosave') {
	if ($_POST['title'] || $_POST['description'] || $_POST['content']) {
		autosave_recache($_POST['title'], $_POST['description'], $_POST['content']);
	}
}

// 记录管理的一切操作
getlog();


if ($sax_group == 1) {
	$adminitem = array(
		'main' => '首页',
		'article' => '文章',
		'comment' => '评论',
		'attachment' => '附件',
		'category' => '分类',
		'user' => '用户',
		'link' => '链接',
		'template' => '模板',
		'tools' => '维护',
		'configurate' => '设置',
		'files' => '文档',
		'caselib' => '案例库',
	);
} elseif ($sax_group == 2) {
	$adminitem = array(
		'article' => '文章',
		'files' => '文档',
		'user' => '用户',
		'caselib' => '案例库',
	);
	!$job && $job = 'article';
	// 撰写组菜单
} else {
	$adminitem = array();
	$job = 'user';
	$action = in_array($action, array('profile','modprofile')) ? $action : 'profile';
	// 注册组菜单
}

$groupdb = array(
	1 => '管理组',
	2 => '撰写组',
	3 => '注册组',
	4 => '访客组',
);

if (!$job) {
	$job = 'main';
} else {
	if (strlen($job) > 20) {
		$job = 'main';
	}
	$job = str_replace(array('.','/','\\',"'",':','%'),'',$job);
	$job = basename($job);
	$job = in_array($job, array('main','article','comment','attachment','category','user','link','template','tools','configurate','files','caselib')) ? $job : 'main';
}

$subnav = '';
if (file_exists('admin/'.$job.'.php')) {
	include ('admin/'.$job.'.php');
} else {
	include ('admin/main.php');
}

cpfooter();

?>